Google, Mozilla, and Apple are using this one weird trick to block Kazakhstan's surveillance of its own citizens

Follow Us

Google and Mozilla are making changes to their respective web browsers to try and thwart the notoriously corrupt government of Kazakhstan's efforts to launch a surveillance operation against its own citizens.

Google (Chrome), Mozilla (Firefox), and now Apple (Safari) are all blocking a root certificate from the Kazakhstan government in their browsers which could be used to intercept encrypted traffic that goes to and Facebook, Gmail, Twitter, or any other news or communication app people might be using there.

Google and Mozilla were first to take action. Later today, an Apple spokesperson began telling reporters that Safari is now also blocking the root certificate as well.

“We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue,” said the unnamed Apple spokesperson.

Better late than never, but these moves by US-based tech companies are too late to protect all Kazakh users from harm. The Kazakhstan government launched the root certificate last month, and since then, the government has been able to monitor the encrypted internet activity of any users who installed it.

The nation forced ISPs to cooperate by making it mandatory for all customers to install the certificate in order to gain access to the internet.

Turns out that the root certificate was a Trojan Horse. It allowed the Kazakhstan government to perform a "man-in-the-middle" or MitM attack against HTTPS connections to a list of 37 domains, including Facebook, Twitter, Google and more, according to a study published by University of Michigan's Censored Planet. Normally, HTTPS websites are encrypted in a way that ISPs or governments won't be able to access it. In the case of Kazakhstan, the MitM attack broke the encryption in these sites, allowing the government to freely spy on private internet activity.

Both the Chrome and Firefox browsers in Kazakhstan will bar the illicit certificate before users can even download it. Mozilla will block Kazakhstan's root certificate with OneCRL, which Firefox has been using to revoke certificates since 2015. Previously, users who accessed the internet in Kazakhstan received a message on their smartphone or computer asking them to install the root certificate.

Now when Firefox detects the certificate in Kazakhstan, it will instead block the connection and display an error message. "Research shows that many users click through errors without understanding what they mean, leaving them no better off than if there were no warning at all. We believe this is the appropriate response because users in Kazakhstan are not being given a meaningful choice over whether to install the certificate and because this attack undermines the integrity of a critical network security mechanism," said Mozilla's Senior Director of Trust & Safety Marshall Erwin in an email to Engadget.

Update: Apple spox said Safari is blocking the root certificate as well. “We have taken action to ensure the certificate is not trusted by Safari and our users are protected from this issue.” https://t.co/VDSpPhc3IY

PHOTO: Shutterstock. TX AG Ken Paxton, shown here, is leading nationwide probe into Google. The Texas attorney general today issued a 29-page civil investigative demand with more than 200 directives for Google to provide detailed information on its ad business. The deadline is October 9.

Having managed to be so vile as to be kicked off Twitter, a darling of the white supremacy market complains about how hard it is to be him. Vice: The provocateur made no mention of the harassment that landed him in social media jail. Nor did he touch on being forced out of Breitbart the […]

This Candy Chemistry set is a great way to learn about candy with your kid, in the kitchen. Do not, however, leave your kid alone with this Candy Chemistry set. Learn all about candy, and temperature control, in your own kitchen. This kit comes with almost everything you’ll need to make quite a few delicious […]

The field of data analytics can get intimidating, even for business professionals who constantly rely on it. But at its heart, its purpose is to simplify. To take mounds of information and distill their insights into a single clear picture. Currently, the go-to software for painting that picture is Tableau. And if you want to […]

If you’re in the market for a stable, durable camera fully suited for first-person video, there’s a good chance that you’re the adventurous type. So why settle on a familiar name like GoPro? The DJI Osmo Action 4K HDR Camera checks off all the same boxes on the action cam checklist as the GoPro 4K […]

The market for web developers is wide open these days. If only we could say the same about the pathway to that career. If you’re not already an experienced coder, it can be difficult to get things rolling. A four-year college degree or technical school? Sure, if you’ve got the money. What about web tutorials? […]